Splunk Enterprise

How can I send event log to custom search commands

bkhwang
Explorer

Hello!!

I want to read index=test line by line and then analyze each log with the log_dict and parser_log functions.

Is it possible?

I am very desperate to solve this problem. Please help me.. ㅠ.ㅠ

import sys
from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration

@Configuration()
class GenerateTESTCommand(GeneratingCommand):
    # A GeneratingCommand receives no events from the search pipeline; it creates them.
    # The original line `event_log = read event_log(index)` is pseudocode: the events
    # must be fetched here (for example via a search run through self.service),
    # or the command must become a StreamingCommand placed after `index=test |`.
    event_log = None

    def generate(self):
        log = self.log_dict(self.event_log)
        if log:
            try:
                result = self.parse_log(log)
                yield result
            except Exception as ex:
                # print() writes to stdout, which is the command protocol channel;
                # use the command logger so the error does not corrupt the output.
                self.logger.error("%s: %s", log, ex)

dispatch(GenerateTESTCommand, sys.argv, sys.stdin, sys.stdout, __name__)

0 Karma

ITWhisperer
SplunkTrust

If you are struggling to write a custom command, perhaps if you describe exactly what you are trying to achieve, there may be another way to do it with SPL?

0 Karma

bkhwang
Explorer

The event log looks like event_log = ' "srcip" = "1.1.1.1"'

Analyze event_log using a Python script (search command).

After the analysis, new_log is made:

python script -> shodan.api(event_log) -> new_log

new_log = '"srcip" = "1.1.1.1", "srccountry=Japan"'

0 Karma

bkhwang
Explorer

Umm, I want to analyze my office log with another platform (like Shodan).

First, I send the firewall log to the Splunk server and make an index like index='test'.

Second, if a new log occurs, my custom search command reads the log and returns a new log which is analyzed by Shodan or Censys.

Third, draw graphs on a dashboard with the new log.

0 Karma
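The pipeline described in the posts above (events in index=test, parse each one, enrich the source IP, hand new fields to a dashboard) fits a streaming custom command better than a GeneratingCommand: you run `index=test | enrich` and Splunk passes the events into stream(), so the command never has to "read the index" itself. The block below is an added example, not the poster's code or Splunk's. It assumes a command named `enrich` registered in commands.conf, a constructed COUNTRY_LOOKUP dictionary standing in for the Shodan/Censys call, and constructed sample events in the format shown above. The parsing and enrichment live in plain functions so they can be exercised outside Splunk; the splunklib class is only built when the SDK is importable.

```python
"""Added example (not the original poster's code): a Splunk streaming custom
search command that parses '"key" = "value"' firewall events and enriches them."""
import re
import sys

# Constructed sample events in the format the poster showed (values are made up).
SAMPLE_EVENTS = [
    {"_raw": '"srcip" = "1.1.1.1", "dstport" = "443"'},
    {"_raw": '"srcip" = "203.0.113.7"'},
    {"_raw": "not a key/value line"},
]

# Constructed stand-in for the external lookup (Shodan/Censys would go here).
# Assumption: only the IP is sent out, never the whole raw event.
COUNTRY_LOOKUP = {"1.1.1.1": "Japan"}

# Matches one  "key" = "value"  pair; whitespace around '=' is optional.
KV_RE = re.compile(r'"(?P<key>[^"]+)"\s*=\s*"(?P<value>[^"]*)"')


def log_dict(raw):
    """Turn '"srcip" = "1.1.1.1", ...' into {'srcip': '1.1.1.1', ...}.
    A line with no pairs yields an empty dict rather than raising."""
    return {m.group("key"): m.group("value") for m in KV_RE.finditer(raw or "")}


def parse_log(fields, lookup=COUNTRY_LOOKUP):
    """Add srccountry from the lookup; events without srcip pass through unchanged.
    An unknown IP gets 'unknown' so the command never drops an event."""
    srcip = fields.get("srcip")
    if srcip is None:
        return dict(fields)
    enriched = dict(fields)
    enriched["srccountry"] = lookup.get(srcip, "unknown")
    return enriched


def enrich_records(records, lookup=COUNTRY_LOOKUP):
    """Core of stream(): parse _raw, merge the new fields into each record."""
    for record in records:
        fields = log_dict(record.get("_raw", ""))
        out = dict(record)
        out.update(parse_log(fields, lookup))
        yield out


try:
    from splunklib.searchcommands import dispatch, StreamingCommand, Configuration
except ImportError:  # splunklib is only present inside a Splunk app's bin/ directory
    StreamingCommand = None

if StreamingCommand is not None:

    @Configuration()
    class EnrichCommand(StreamingCommand):
        """SPL usage: index=test | enrich"""

        def stream(self, records):
            return enrich_records(records)

    if __name__ == "__main__":
        dispatch(EnrichCommand, sys.argv, sys.stdin, sys.stdout, __name__)
```

Register it in the app's commands.conf as `[enrich]` with `filename = enrich.py` and `chunked = true`, and `| enrich` then appears after `index=test` in the search; the dashboard panel charts `srccountry` like any other field. Keeping the lookup behind `parse_log` means a slow or failing external API can be replaced, cached or rate-limited in one place.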

ITWhisperer
SplunkTrust

That doesn't really explain what analysis Shodan is doing, so it is not possible to determine whether this could be done in SPL instead.

0 Karma